Election Law Program hosts symposium on the role of courts in promoting election security

Promoting Election SecurityMeredith McCoy ’12, an associate in Venable LLP’s political law group, argued on behalf of the Bayne Registrar. Presiding over the case were Edgardo Cortes, Former Commissioner of the Virginia Department of Elections and current advisor on cybersecurity and elections at the Brennan Center; David Becker, Executive Director of the Center for Election Innovation & Research; and Mark Listes, Policy Counsel at the U.S. Election Assistance Commission
Photo by David F. Morrill

Promoting Election SecurityJohn Davisson of the Electronic Privacy Information Center took on the role of Counsel for the Secretary of State.
Photo by David F. Morrill

Promoting Election SecurityRebecca Green, Professor of the Practice of Law, and Co-Director of the Election Law Program, moderated the debriefing and discussed election security challenges going forward.
Photo by David F. Morrill

Photo - of -

by David F. Morrill
|
April 17, 2018

On April 12, the William & Mary Election Law Program hosted a unique symposium, “Election Data Security: Testing Critical Infrastructure Designation,” aimed at expanding understanding of the role of courts in promoting election security.

Following opening remarks by symposium co-chairs Camden Kelliher ’21 and Alexis Dalton ’20, the event kicked off with a war game simulating an election security dispute in “Flichigan,” a fictional state that combines the Virginia election code with provisions from the Michigan state constitution.

In the fictional scenario, Flichigan experienced a hack of its voter registration database in Flichigan’s most populous county, Bayne County. The hack occurred several weeks prior to Flichigan’s U.S. Senate primary elections in August 2018. The hacker changed registration information of roughly one hundred Flichigan voters, resulting in mass confusion at Bayne County polling places on the day of the primary. Bayne County election officials worked to efficiently resolve the matter by issuing provisional ballots and engaging in an audit process following the primary to ensure an accurate count. The winning candidate won in a landslide.

As the November general election approached, Secretary of State John Ruth—the state’s chief election official—hired an outside vendor to audit the security of the state’s election system. Secretary Ruth immediately implemented all recommendations that the vendor made. On this basis, Secretary Ruth believed that the necessary steps were taken to ensure the general election would be secure. Mary Barrett, General Registrar of Bayne County, was not convinced. She invoked a federal statute that enables non-federal entities to request that the Department of Homeland Security (DHS) conduct a security assessment. Because, as of January 2017, elections are designated as critical infrastructure to be afforded special protection under the Critical Infrastructure Protection Act of 2014, DHS gave priority to Barrett’s request. Barrett requested specifically that DHS conduct a security audit of Bayne’s voter registration system, a request that would require the cooperation of the Secretary of State in providing access to DHS. Secretary Ruth, skeptical of federal meddling in state election matters and concerned that such access could subject Bayne data to enhanced risk, refused DHS access to Bayne County’s voter registration system. In response, Registrar Barrett sought a writ of mandamus to compel Secretary Ruth’s cooperation, a request which a Flichigan trial court denied. Registrar Barrett immediately appealed, leading to the oral argument at the Election Law Symposium’s war game: Bayne v. Ruth.

Venable political law attorney Meredith McCoy ’12 argued before the bench as counsel for Bayne County’s General Registrar. John Davisson of the Electronic Privacy Information Center (EPIC) (an organization on the forefront of advocating for voter privacy) argued on behalf of Secretary Ruth.

After argument concluded, the panel retired to deliberate, returning a 2-1 verdict in favor of the state and denying the writ of mandamus.

The majority agreed with the Secretary of State that security should be handled centrally, not locally. They asserted that local registrars’ state constitutional duty to maintain “the purity of elections” extended to maintenance and upkeep of the voter registration records but did not extend to making unilateral cybersecurity decisions. The dissent agreed with the Registrar’s argument that maintenance of the voter records indicated an implicit duty to ensure data security.

“I think it’s very difficult to make the case that anyone in the…local jurisdictions has the right at any point in time to tell a federal agency to come in and scan a state-owned system,” Mock Judge Becker opined. “I think you need to show extraordinary need for that…. So ultimately I didn’t see any extraordinary need there to impose federal jurisdiction over a state.”

Following the war game, William & Mary Professor Rebecca Green, who co-directs the Election Law Program, moderated a debrief of the trial, during which questions arose regarding the realism and scale of the fictional scenario. Questions also delved into real-life election security issues.

In all, the Symposium highlighted numerous core challenges that face election administrators as they work to secure U.S. elections in 2018 and beyond. What was clear from the assembled gathering is that a lot of smart minds are on the job.

Thomas Jefferson founded William & Mary Law School in 1779 to train leaders for the new nation. Now in its third century, America’s oldest law school continues its historic mission of educating citizen lawyers who are prepared both to lead and to serve.